posted 14 years ago
Hi,
I am using spring security for maintaining user authentication and authorization. We have different roles for our site. Now a admin can see all the logged in users and can logout any user from admin page.
I have an approach to make a custom filter and put it in the filter chain process of spring security. This filter will put the userId and sessionId of the user(after sucessful login), to a hashmap. A admin can iterate and see all the logged in users by iterating to that hash map.
Now when he clicks on logout button, how do i invalidate the session for that particular users. I can get sessionId based on a userId from hashmap, but i have no idea what to do with this session as i have no method like
HttpSession.invalidate(userSessionId);
Can someone please help me with any idea?